I'm helping my school network administrator to try to find a way to mitigate a current ARP spoofing attack on our wifi network. We detected an unknown host (MAC address seem to change, he is probably ...

My Linux (Ubuntu 12.04) password suddenly changed last night and I'm not sure if this is an attack or just a hardware/user error. This is on a personal/non-server box. Several strange events led up to ...

A couple months earlier, I made the mistake of downloading some software over an insecure wireless network and running it without checking its integrity. I am now considering reinstalling my system, ...

A few years ago, there was a high-profile attack on a Wired editor, where the hackers added a credit card to the target's amazon account, then used that self-added credit card to gain access to the ...

I have logs from a security appliance from Damballa which has cryptic names for threats observed in a network which I am trying to make sense of. Some examples of these threats are "RedTreeBruisers" , ...

My laptop (modded 2007 Macbook Pro) was stolen 2 days ago when I didn't pay attention to my backpack in a tourist spot in Europe and while I'm quite certain they won't have much use for it (the apple ...

as you probably know the problem with SSL based DDoS attacks is, that the traffic cannot be analysed and filtered by a DDoS mitigation service provider such as Prolexic, Akamai, Radware, etc. without ...

iOS version 5 and newer has a setting for VPNs to "Send All Traffic" over that VPN. I think that sending all data to a trusted VPN target would ensure privacy of all communication sent over that WiFi ...

We just completed functionality testing of our new e-commerce site and going to launch.We are accepting credit card payments. I'm really concerned about it's security.What are the precautions to be ...

IS there websites and places where you can download all types of malware that you can run and test the security setup of your system?
I am currently playing around with UAC+EMET4+MSE and would like ...

I found an issue related to Forced Browsing in my web-application.And I was able to verify that my static content(like text document...mainly help documents) can be accessed by simply hitting the URL ...

There are several papers from 2012 that say it's possible to factor several moduli by factoring shared primes. The link above includes python sourcecode to verify and test for this fact.
Given this ...

I created a Wordpress theme for my client. He told me that he scanned my theme with a vulnerability scanner, and that it has security issues with the GET and windows.location methods. Is this really ...

As a follow up to the Related Domain Cookie Attack question, I'd like to see if there are any servers that are able to detect instances where multiple cookies are sent from multiple domains.
In other ...

I read some slides from the Black Hat USA 2012 conference, and I stumbled across the term
non-­linear/backward overwrite, mentioned on slide 5 of the Exploit Mitigation Improvements in Windows 8 by ...

With the proliferation of low-cost automated CAs what can be done to mitigate the attack of someone doing a spear phishing attack to get a login to our webmail system, then using an automated service ...

LinkedIn now offers the ability to take a real user and password from the end user and connect to Exchange Server for the purpose of importing contacts into their system. (To do this yourself, click ...

Let's say you have a website that provides a service of some kind. Users can log in, they can store some kind of data, and there's various types of encryption in place to keep it all safe. Passwords ...

I was reading an interesting article found here: http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-703.pdf
It's titled "Lazy Susan: dumb waiting as proof of work".
It suggested the following in section ...

I was humming along with my usual routine of listening to old Defcon videos trying to understand some of the basics of what's going on in the IT Security world, when I came across one explaining man ...

IPv6 introduces a much larger address space than IPv4 and with it there are many new techniques in creating and mitigating DDoS attacks. What are some examples of risks and mitigations?
For example, ...

Is it a good idea to come up with a Javascript-based Proof of Work system to reduce spam on forums, and other websites?
This idea would be similar to HashCash, but the computation would be based on ...

This news article from 2010 discusses how a GPU can be used by a virus to avoid detection by common anti-malware/anti-virus software. The idea is to obfuscate the virus payload and leverage the GPU's ...

According to this accepted answer, there is no phone on the market today that is immune from "Juice Jacking"*. I think an easy way to mitigate this threat is to have a filter that blocks USB pins 2 ...